lifechurch / k8s-deploy-helper

k8s-deploy-helper is a tool to help build and deploy containerized applications into Kubernetes using GitLab CI along with templated manifest files.
MIT License

Vault secret provider #2

Closed WillPlatnick closed 5 years ago

WillPlatnick commented 6 years ago

Some people may want to use Vault as a secret provider rather than GitLab.

WillPlatnick commented 5 years ago

TL;DR - We're not going to do this for now.

As a status update, we're not sure how we want to build this integration in.

The root problem is that secrets in k8s aren't super secret. So, people want to use Vault to store their secrets securely.

At the same time, putting your secrets in Vault and not using Kubernetes secrets introduces a runtime dependency on Vault being up when pods start up. We're not sure we want to introduce something else that can go down into our applications.

The other alternative is to sync Vault secrets to k8s secrets... but I don't see much of a point.

As of now, we're going to remove this functionality from the roadmap, and we will revisit as Kubernetes secrets mature.